'2.5 billion Gmail users at risk'? Entirely false, says Google


ZDNET's key takeaways

  • Google did not issue a warning about a major security breach.
  • But hackers have been targeting Salesforce data in the cloud.
  • Always be alert for phishing and vishing attacks.

Worried about reports that a major security breach has impacted your Gmail account? Well, apparently, those claims are much ado about nothing.

"We want to reassure our users that Gmail's protections are strong and effective," Google said in a blog post on Sunday. "Several inaccurate claims surfaced recently that incorrectly stated that we issued a broad warning to all Gmail users about a major Gmail security issue. This is entirely false."

Kernels of truth

Google did not cite any specific security issues that may have fueled the rumors. But the company is likely referring to a recent breach that affected its cloud-based Salesforce databases.

Allegedly orchestrated by the cybercriminal group ShinyHunters, the incident reportedly compromised customer and company names, triggering phishing and vishing (voice phishing) attacks. In response, reports claimed that Google advised 2.5 billion Gmail users to update their passwords.

Though there was no such advisory, there are kernels of truth here. Attackers have been targeting valuable Salesforce data stored in Google's cloud. On August 26, the Google Threat Intelligence Group issued a warning about a hacker who compromised OAuth security tokens related to Salesloft Drift, an AI-based chatbot that Salesforce has integrated into its system.

The phishing and vishing attacks staged by hackers are also a real and persistent threat. In June, Google explained how attackers are using such tactics to scam unsuspecting employees. Impersonating IT support personnel and other trusted individuals, cybercriminals email or call their intended victims at targeted businesses to trick them into granting access to sensitive information.

Google's Gmail protections block more than 99.9% of phishing and malware attempts from reaching users, the company claimed in its blog post. But Google also warned against unfounded rumors such as the security alert that was attributed to the company.

"Security is such an important item for all companies, all customers, all users -- we take this work incredibly seriously," Google said. "Our teams invest heavily, innovate constantly, and communicate clearly about the risks and protections we have in place. It's crucial that conversation in this space is accurate and factual."

How to protect yourself

To protect yourself and your company from actual phishing campaigns and other attacks, the usual advice is always worth repeating.

  1. Make sure you use a strong and secure password with the right type of two-factor authentication.
  2. Better yet, start replacing your passwords with passkeys whenever and wherever possible.
  3. Scrutinize each email you receive, especially those asking for account information or other critical data.
  4. Beware of phone calls that appear to come from a legitimate source but request confidential account or payment information.